Remote Code Execution Vulnerability in Request a Quote Form Plugin for WordPress
CVE-2025-8420

8.1HIGH

Key Information:

Vendor

WordPress
Status
Request A Quote Form Plugin – Price Quote Request Management Made Easy
Vendor
CVE Published:
6 August 2025

What is CVE-2025-8420?

An issue has been identified in the Request a Quote Form plugin for WordPress, where improper validation of user input in the emd_form_builder_lite_pagenum function allows for Remote Code Execution. This vulnerability can be exploited by unauthenticated attackers to execute arbitrary code on the server, despite the inability to pass parameters to the invoked functions. Affected users are advised to upgrade to version 2.5.3 or later to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Request a Quote Form Plugin – Price Quote Request Management Made Easy * <= 2.5.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Mazzolini
JSON
.